Documentation
Overview
Package csrf implements a CSRF protection middleware based on the double submit cookie pattern.
Constants
This section is empty.
Variables
var (
	ErrInvalidToken  = errors.New("authentication/csrf: invalid token")
	ErrTokenMismatch = errors.New("authentication/csrf: token mismatch")
	ErrTokenNotFound = errors.New("authentication/csrf: token not found")
)

var (
	DefaultFieldName  = "csrf_token"
	DefaultHeaderName = "X-CSRF-Token"
	DefaultCookieName = "csrf_token"
)

var (
	DefaultTokenLength = 32
)

var (
	ErrNoChecksumSecret = errors.New("authentication/csrf: checksum secret is not provided")
)
Functions
func Middleware
func Middleware(secret string, config ...func(*Config)) (middleware.MiddlewareFunc, error)
Middleware returns a middleware that adds a CSRF token to the request context.
func SetToken
func SetToken(w http.ResponseWriter, tok *Token)
SetToken sets the CSRF token in the given HTTP response via cookie.
Types
type Config
type Config struct {
	IgnoredMethods []string                  // optional (default: [GET, HEAD, OPTIONS, TRACE])
	ErrorHandler   errorhandler.ErrorHandler // optional (default: errorhandler.DefaultErrorHandler)
	ChecksumSecret string
	TokenLength    int           // optional (default: 64)
	HeaderName     string        // optional (default: "X-CSRF-Token")
	FieldName      string        // optional (default: "csrf_token")
	CookieName     string        // optional (default: "csrf_token")
	CookieSameSite http.SameSite // optional (default: http.SameSiteLaxMode)
	CookieSecure   bool
}
Config is the configuration for the CSRF middleware.
type Token
type Token struct {
	// contains filtered or unexported fields
}
Token implements a CSRF token using the double submit cookie pattern.
func FromContext
FromContext returns the CSRF token associated with the given context.
func FromRequest
FromRequest returns the CSRF token associated with the given HTTP request.
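An added example, not this package's source: one way a double submit cookie check keyed by a checksum secret can be built from the standard library, using the default cookie, header and field names listed above. The `<nonce>.<HMAC>` token format, the helpers `seal`, `newToken` and `verify`, and the mapping of failures onto the three error names are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"net/http"
	"strings"
)

var ( // names mirror the package's exported errors; which check returns which is assumed
	ErrInvalidToken  = errors.New("csrf: invalid token")
	ErrTokenMismatch = errors.New("csrf: token mismatch")
	ErrTokenNotFound = errors.New("csrf: token not found")
)

// seal returns "<nonce>.<hex HMAC-SHA256(secret, nonce)>" (assumed token format).
func seal(secret, nonce string) string {
	m := hmac.New(sha256.New, []byte(secret))
	m.Write([]byte(nonce))
	return nonce + "." + hex.EncodeToString(m.Sum(nil))
}

// newToken seals n random bytes; the caller must discard the token if err is non-nil.
func newToken(secret string, n int) (string, error) {
	b := make([]byte, n)
	_, err := rand.Read(b)
	return seal(secret, hex.EncodeToString(b)), err
}

// verify checks a state-changing request (one whose method is not in IgnoredMethods).
func verify(r *http.Request, secret string) error {
	c, err := r.Cookie("csrf_token")
	sent := r.Header.Get("X-CSRF-Token")
	if sent == "" {
		sent = r.PostFormValue("csrf_token") // form field fallback
	}
	switch {
	case err != nil || sent == "":
		return ErrTokenNotFound
	case !hmac.Equal([]byte(c.Value), []byte(seal(secret, strings.SplitN(c.Value, ".", 2)[0]))):
		return ErrInvalidToken // cookie was not sealed with this secret
	case !hmac.Equal([]byte(sent), []byte(c.Value)):
		return ErrTokenMismatch // submitted copy differs from the cookie
	}
	return nil
}
```

The checksum is what separates this from a plain double submit: a cookie planted by another origin fails with `ErrInvalidToken` even when the submitted value matches it.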